coduck

Verified Safe

by t3ta

Overview

Orchestrates Codex AI coding jobs using isolated Git worktrees and integrates with Claude Code via MCP server for automated development tasks.

Installation

Run Command
npm run start

Security Notes

The system uses `child_process.execFile` to execute external commands (the `codex` CLI and `git`). This is safer than `exec` because `execFile` does not spawn a shell by default, so arguments are not subject to shell interpretation. API requests are validated with Zod schemas, which mitigates common web vulnerabilities. Critically, each AI job runs in an isolated Git worktree, and the `codex` CLI is configured with `sandbox: 'workspace-write'`, limiting AI actions to this confined environment. This significantly reduces the blast radius of any malicious or erroneous AI behavior. However, `approval-policy: 'never'` implies no human intervention during AI execution, so the system relies solely on the sandboxing and on post-execution review (e.g., via `push_mode: 'never'` jobs that require a manual push). The security of the overall system depends on the robustness of the `codex` CLI and the underlying AI model. The project itself does not require an `OPENAI_API_KEY` or similar external service credentials directly; these would typically be configured within the `codex` CLI environment.

Stats

Interest Score: 0
Security Score: 8
Cost Class: Medium
Avg Tokens: 3000
Stars: 0
Forks: 0
Last Update: 2025-11-29

Tags

Coding Agents, AI, Job Orchestration, Git Worktrees, Automation